| VID |
28648 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla/Firefox Web browser, according to its version number, contains the XPInstall Insecure File Permission Vulnerability.
Mozilla and Firefox are open-source Web browsers, developed by the Mozilla project. The XPInstall installer in Mozilla versions prior to 1.7.3, Firefox versions prior to 1.0PR sets world read and write permissions when installing certain files. This could allow a local attacker to overwrite or modify arbitrary files, and execute arbitrary code on the system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.kb.cert.org/vulns/id/653160
* Platforms Affected:
Mozilla Project, Firefox prior to 1.0PR
Mozilla Project, Mozilla prior to 1.7.3
Any operating system Any version |
| Recommendation |
For Mozilla:
Upgrade to the latest version of Mozilla Suite (1.7.3 or later), available from the Mozilla Web site at http://www.mozilla.org/
For Firefox:
Upgrade to the latest version of Mozilla Firefox (1.0PR or later), available from the Mozilla Web site at http://www.mozilla.org/
For Slackware Linux:
Upgrade to the latest Mozilla package, as listed in slackware-security Mailing List, Wed, 22 Sep 2004 13:39:12 -0700 (PDT) from http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.401801 |
| Related URL |
CVE-2004-0906 (CVE) |
| Related URL |
11192 (SecurityFocus) |
| Related URL |
17375 (ISS) |
|
